<?php
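	// Only POSTed login forms are handled; any other request ends the script silently.
	if ($_SERVER['REQUEST_METHOD'] !== "POST") {
		return;
	}
	// Both credential fields must be present before any session or database work starts.
	if (!isset($_POST["username"], $_POST["password"])) {
		return;
	}
	session_start();
	// NOTE(review): the database account and password are hard-coded here, so anyone
	// with read access to this file or its version history also holds the database
	// login. Load them from configuration kept outside the web root / repository and
	// rotate the current password once that is in place.
	$db = new mysqli("127.0.0.1","fc","keks");
	// A failed connection must stop the login here: log the detail server-side and
	// give the client nothing but a status code. (Where mysqli is configured to throw
	// on errors this branch is simply never reached.)
	if ($db->connect_error) {
		error_log("login: database connection failed: " . $db->connect_error);
		http_response_code(500);
		return;
	}

	// NOTE(review): SALT_LENGTH is not referenced by any code visible in this file.
	define('SALT_LENGTH', 15);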
	/**
	 * Returns the hex-encoded SHA-512 digest of the salt followed by the phrase.
	 *
	 * NOTE(review): this is one round of a fast general-purpose hash, which is cheap
	 * to brute-force if the stored digests ever leak. New code should store passwords
	 * with password_hash() and check them with password_verify(); existing rows can be
	 * re-hashed the next time each user logs in successfully.
	 *
	 * @param string $phrase The secret to hash (the submitted password).
	 * @param string $salt   Value prepended to the phrase before hashing.
	 * @return string 128 lowercase hexadecimal characters.
	 */
	function HashMe($phrase,$salt)
	{
		$salted = "{$salt}{$phrase}";
		return hash('sha512', $salted);
	}

	
	
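	// Verify the submitted credentials against wottools.users and bind the session
	// to the matching user id, or to the guest id (1) when verification fails.
	$username = $_POST["username"];
	$pw = $_POST["password"];

	// PHP turns fields such as "password[]=x" into arrays; only plain strings are
	// valid credentials, so anything else is handled as a failed login.
	if (!is_string($username) || !is_string($pw)) {
		$_SESSION['userid'] = 1;
		echo 'Login failed.';
		return;
	}

	// NOTE(review): every account is hashed with this one salt, which is stored in
	// source. Identical passwords therefore produce identical stored digests, and the
	// salt is known to anyone who can read the file. Per-user salts come for free
	// with password_hash()/password_verify().
	$staticSalt = "0fd7f937c2593dbe94b019c2ad45d410";

	// The user name is passed as a bound parameter, never concatenated into the SQL.
	$sql = "SELECT id, balance, wotaccountname,password FROM wottools.users WHERE wotaccountname = ?;";

	$stmt = $db->prepare($sql);

	if (!$stmt) {
		// Database error text can reveal schema and server details: log it instead
		// of echoing it into the response.
		error_log("login: prepare failed: " . $db->error);
		http_response_code(500);
		return $db->error;
	}
	$stmt->bind_param("s", $username);
	if (!($stmt->execute())) {
		error_log("login: execute failed: " . $stmt->error);
		http_response_code(500);
		return $db->error;
	}
	$stmt->bind_result($id, $balance, $wotaccountname, $hashedpassword);
	// fetch() returns true only when a row was read; an unknown user name leaves the
	// bound variables without a usable value.
	$rowFound = ($stmt->fetch() === true);

	// hash_equals() compares in constant time, so the response time does not depend
	// on how many leading characters of the stored digest were matched.
	$authenticated = $rowFound
		&& is_string($hashedpassword)
		&& hash_equals($hashedpassword, HashMe($pw, $staticSalt));

	if ($authenticated) {
		// Issue a fresh session id at the privilege change so an id that was fixed
		// or observed before login is not promoted to an authenticated session.
		session_regenerate_id(true);
		$_SESSION['userid'] = $id;
		// NOTE(review): the redirect target is plain http://, so the session cookie
		// travels unencrypted — confirm whether the site can be served over HTTPS.
		header('Location: http://pfann-kuchen.dyndns.org/WoTTools');
	} else {
		// Failed logins fall back to the guest account. The response carries a fixed
		// message only; the digest of the submitted password is never sent back.
		$_SESSION['userid'] = 1;
		echo 'Login failed.';
	}
	$stmt->close();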
	
?>

